EVM Annexure I
The lacunae in public and private databases of polling centers and candidate information, EVM programming, vote tracking and secrecy of the process and the vulnerabilities in the voting process that result as a consequence. #'Lacunae in Private Databases' ##The ECI does not have a CIO to design, oversee and certify the information at every stage of the process. ##It appears therefore that several independent vendors and agencies manage the process of maintaining the private databases that store the various database tables including constituency, polling centre and candidate information. ##This makes the entire digital information of the ECI open to question in terms of its authenticity, interpretation and fidelity. ##The ECI does not have a Chief Security Officer to design, oversee and certify the security of any electronic processes, there appears no process to ensure overall security of the entire information network. ##Unlike the names of the DEO and Observers, the ECI does not appear to make public the names and contact details of the organizations and individuals involved in creating, maintaining and archiving the databases. ##The ECI does not have any technical process overview that includes a system diagram of the network architecture particularly highlighting the locations of the routers, switches and security firewalls. ##This makes the entire process of collecting, storing and reading digital information of the ECI open to question in terms of its security, integrity and fidelity. ##There appears no audit process from a third party security auditor obtained prior to, during and after an election certifying the network, systems, database and application security. ##There appears no regular reporting of inspections of the log file of the database server as well as the routers/switches/firewalls that provide access to the machine(s). ##This makes the entire digital information a matter of faith on the honesty and integrity of the people, organizations and processes that manage and control parts of the whole. This is obviously not a sufficient basis to trust the information. #'Lacunae in Public Databases' ##There are too many URL’s on which the entire election process is run: http://eci.nic.in, http://eciresults.nic.in, individual state CEO sites, various District Collectorate websites. ##This results in too many versions of the same public information- for example voters lists, candidate lists, results as well as instructions for candidates and agents. ##The authenticity of any site is not certified and there is no way to resolve the authentic version in case of discrepancy of information on different locations. ##The source of the public data accessible on various parts of the ECI website are unspecified. For example the data of candidates listed on http://eci.nic.in/candidateinfo/frmcandidate.aspx including the downloadable excel spreadsheet do not specify where or how the information got there in the first place, its authenticity or contents. ##There is no way to access any daily archives of the data (assuming they are maintained) making it difficult to allow public audit and transparency of the way information changes on the site. ##There are no clarifications provided on the website or otherwise of any coding of data as for example existed on the entire spreadsheet on Candidate Information between 6th May and 15th May. ##There is no clarification to those querying or publicly about the presence of votes polled in a coded form in the same spreadsheet between the same dates. ##This is a serious breach of trust of the vital information of the election process. ##There is no consistency of update of information or any timetable to the effect: the result data is not accessible on the location displaying candidate information and the spreadsheet that had the votes polled information in coded form after election was completed in phase 1, 2 and 3 but before the elections happened in phase 4 and 5. ##There is no public list of the names and contact details of the organizations and individuals involved in creating, maintaining and archiving the website and public databases. This is as important as saying who the Observer and returning officers are. ##This makes all public information provided by the ECI questionable in terms of its source, date and authenticity. #'Lacunae in EVM' ##The process followed to program the ballot units to various candidates names and map the votes to a data-store on the control unit is not publicly documented. The names of officials doing this mapping are not public. This is critical as this is amongst the important ways to ensure the vote to a candidate actually gets counted for the same candidate. ##The data-structure used to store the votes polled on the control units are not part of public domain information. How is every vote stored and what information is associated with each vote to be able to count it or even audit it if needed? ##The source-code and the pseudo-code of the program used to read the data-structure to display the votes are not part of public domain. This is a crucial part of the EVM as it actually can maintain the fidelity of votes. There is no way to know if this process was not compromised by reading or reporting alternate numbers than the actual votes polled. ##There is a lot of speculation about the version of EVM that was used at every polling centre. Different versions have been reported to have ability to store different information with the votes (eg time stamp). It is not what is altered in the EVM when such upgrades occur (hardware, software, memory). There is no information on how the program that reads the votes is upgraded after such changes. This casts a shadow on the veracity of the machines ability to certify if what-it-says is what-it-does. ##There are no publicly declared software or hardware that ensures the data-structures that store the vote information cannot be accessed, read or written except by “authorized” software. This means anyone who can generate software that can access the data-structure will be able to read or write to it. ##Since it is unclear how the data-structure changes with an “upgrade” of the EVM, it could still be written onto by programs that can gain access to it. ##There are almost a million EVMs. There is no publicly documented way used to ensure all EVM’s confirm to standard specifications only. ##The names and contact details of the organizations involved in programming the ballot units to candidate names are not public. ##The names and contact details of the organizations involved in programming the control units to read candidate names are not public. ##There is no documentation of any other than the operational layer (use of the EVM) security and audit that can guarantee that this transfer, storage and reading of data is secure or has high fidelity. ##There are no known controls in the software that can certify that the votes are those cast from the "ballot unit" and not from other software or hardware sources. There are no controls can certify that they have not been transformed in transmission or reading. ##There is no clarification from the ECI about the "coded spreadsheets". It is both possible and plausible that the data was coded to write onto the datastructure of the EVM. ##There is no known digital database of "unit" wise votes is maintained to identify the unique votes read off each "unit". ##This makes the votes “polled” as read from the EVM completely a matter of trust in the people, organizations and processes and is not verifiable or auditable by the voters themselves or even at an aggregate level by analysts, candidates or independent auditors. This jeopardizes the very basis of democratic transparency. #'Lacunae in Tracking Votes' ##There is no electronic mechanism to track a vote to a unique polling centre and EVM. This makes it difficult to audit any vote and certify its genuineness. ##The process of randomization of EVM distribution is manual and not truly random. The EVMs assigned to a DEO are known. ##The EVM cannot store information about the polling centre it was deployed and can easily be substituted elsewhere. ##In case of discrepancy of the serial numbers that are manually recorded it is solely the discretion of the RO to decide if malpractice has occurred or clerical error has occered. ##The EVM cannot store any record of the actual candidate or party whose votes are stored. It only has counters in memory locations that are manually mapped to a candidate. ##These facts make vulnerable the ability of tracking the votes as well as certifying them down to the polling booth and candidate by a third party audit process. #'Secrecy about Process' ##The ECI has not made the processes and operations that affect these questions public. These are questions that affect the very fabric of democracy and have nothing to do with the political process of voting. ##The ECI has not clarified on queries raised by various people. ##Copies of all filled Form 17C, 20 to be provided are not made public. ##This makes the entire democratic process vulnerable to mistrust and questioning. It gives rise to speculation and loss of faith in the ECI. #'Reforms' ##There currently no agenda to devise alternative mechanisms to allow electronic voting to distinguish human votes (those cast by people through voting) from machine votes (those cast by software or hardware malfunction or compromise). ##No “Democracy Test” has been designed or used by the ECI that will help certify that the democratic process is not compromised in any of the technology steps and the votes that count are people votes. ##Currently there is no reform agenda to build a “vote bank” that would store the votes of every voter, available for recall or transfer that could help voters to ensure their vote continues to be counted- like the online banking enabling account holders to deposit, withdraw or transfer money and also know their money still counts. ##This makes the entire election process remain a “black-box” to the voter. There is no mechanism to enhance democracy and the voters right to franchise, there is only automation that can hijack the right to franchise. This is a very serious vulnerability in ensuring democracy and its evolution will move in the right direction. Category:India Category:Elections